Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / mcp-virtual-lab / e188980b5b27ea0815cdeb0ed6c448498ed86290 / . / classes / cluster / virtual-mcp-pike-dvr-ssl / openstack / control.yml
blob: 4d44545d9674531b5a413141de7bc9cd39d02f55 [file] [log] [blame]
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]1classes:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]2- system.salt.minion.cert.proxy
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]3- system.salt.minion.cert.mysql.server
4- system.salt.minion.cert.rabbitmq_server
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]5- system.linux.system.lowmem
6- system.linux.system.repo.mcp.apt_mirantis.glusterfs
7- system.linux.system.repo.mcp.apt_mirantis.openstack
8- system.linux.system.repo.mcp.extra
Martin Polreicha0addcc2018-06-25 11:32:52 +0200[diff] [blame]9- system.linux.system.repo.mcp.apt_mirantis.saltstack
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]10- system.memcached.server.single
11- system.rabbitmq.server.cluster
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]12- service.rabbitmq.server.ssl
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]13- system.rabbitmq.server.vhost.openstack
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]14- system.apache.server.site.manila
Vasyl Saienko5883a7c2018-04-02 18:21:42 +0300[diff] [blame]15- system.apache.server.site.nova-placement
16- system.apache.server.site.cinder
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]17- system.nginx.server.single
18- system.nginx.server.proxy.openstack_api
19- system.nginx.server.proxy.openstack.designate
Mykyta Karpin70f651e2018-08-02 18:34:54 +0300[diff] [blame]20- system.nginx.server.proxy.openstack.glance_registry
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]21- system.keystone.server.wsgi
22- system.keystone.server.cluster
23- system.glusterfs.client.cluster
24- system.glusterfs.client.volume.glance
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]25- system.glusterfs.server.volume.glance
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]26- system.glusterfs.server.cluster
27- system.glance.control.cluster
28- system.nova.control.cluster
29- system.neutron.control.openvswitch.cluster
30- system.cinder.control.cluster
Oleksii Butenkof93170c2018-05-16 16:29:10 +0300[diff] [blame]31- system.cinder.control.backend.lvm
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]32- system.heat.server.cluster
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]33- system.designate.server.cluster
34- system.galera.server.cluster
Mykyta Karpina75691c2018-07-31 09:49:49 +0000[diff] [blame]35- system.apache.server.ssl
36- system.nginx.server.proxy.ssl
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]37- system.galera.server.database.cinder
38- system.galera.server.database.glance
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]39- system.galera.server.database.heat
40- system.galera.server.database.keystone
41- system.galera.server.database.nova
42- system.galera.server.database.designate
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]43- system.galera.server.database.manila
Mykyta Karpin912ac972018-03-20 11:29:23 +0200[diff] [blame]44- system.galera.server.database.aodh
45- system.galera.server.database.panko
46- system.galera.server.database.gnocchi
47- system.ceilometer.client
48- system.ceilometer.client.cinder_volume
49- system.ceilometer.client.neutron
Dennis Dmitriev0752ab12018-03-07 13:55:45 +0200[diff] [blame]50- system.haproxy.proxy.listen.openstack.placement
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]51- system.haproxy.proxy.listen.openstack.manila
52- system.manila.control.cluster
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]53- cluster.virtual-mcp-pike-dvr-ssl
54
55parameters:
56 _param:
57 keepalived_vip_interface: ens4
58 salt_minion_ca_authority: salt_master_ca
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]59 nginx_proxy_ssl:
Mykyta Karpina75691c2018-07-31 09:49:49 +0000[diff] [blame]60 authority: "${_param:salt_minion_ca_authority}"
61 key_file: "/etc/ssl/private/internal_proxy.key"
62 cert_file: "/etc/ssl/certs/internal_proxy.crt"
63 chain_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
64 apache_ssl:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]65 authority: "${_param:salt_minion_ca_authority}"
66 key_file: "/etc/ssl/private/internal_proxy.key"
67 cert_file: "/etc/ssl/certs/internal_proxy.crt"
68 chain_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
69 nginx_proxy_openstack_api_address: ${_param:cluster_local_address}
70 nginx_proxy_openstack_keystone_host: 127.0.0.1
71 nginx_proxy_openstack_nova_host: 127.0.0.1
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]72 nginx_proxy_openstack_glance_host: 127.0.0.1
73 nginx_proxy_openstack_neutron_host: 127.0.0.1
74 nginx_proxy_openstack_heat_host: 127.0.0.1
75 nginx_proxy_openstack_designate_host: 127.0.0.1
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]76 apache_manila_api_address: ${_param:single_address}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]77 apache_keystone_api_host: ${_param:single_address}
Vasyl Saienko5883a7c2018-04-02 18:21:42 +0300[diff] [blame]78 apache_nova_placement_api_address: ${_param:cluster_local_address}
Vasyl Saienko5883a7c2018-04-02 18:21:42 +0300[diff] [blame]79 apache_cinder_api_address: ${_param:cluster_local_address}
Mykyta Karpina75691c2018-07-31 09:49:49 +0000[diff] [blame]80
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]81 rabbitmq:
82 server:
83 ssl:
84 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]85 nginx:
86 server:
87 site:
88 nginx_proxy_openstack_api_keystone:
89 enabled: false
90 nginx_proxy_openstack_api_keystone_private:
91 enabled: false
Vasyl Saienko5883a7c2018-04-02 18:21:42 +0300[diff] [blame]92 nginx_proxy_openstack_api_cinder:
93 enabled: false
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]94 linux:
95 system:
96 package:
97 python-msgpack:
98 version: latest
99 network:
100 interface:
101 ens4:
102 enabled: true
103 type: eth
104 proto: static
105 address: ${_param:single_address}
106 netmask: 255.255.255.0
107 keepalived:
108 cluster:
109 instance:
110 VIP:
111 virtual_router_id: 150
112 keystone:
113 server:
114 admin_email: ${_param:admin_email}
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]115 database:
116 ssl:
117 enabled: ${_param:galera_ssl_enabled}
118 message_queue:
119 port: ${_param:rabbitmq_port}
120 ssl:
121 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]122 designate:
123 pool_manager:
124 enabled: ${_param:designate_pool_manager_enabled}
125 periodic_sync_interval: ${_param:designate_pool_manager_periodic_sync_interval}
126 server:
127 identity:
128 protocol: https
129 bind:
130 api:
131 address: 127.0.0.1
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]132 database:
133 ssl:
134 enabled: ${_param:galera_ssl_enabled}
135 message_queue:
136 port: ${_param:rabbitmq_port}
137 ssl:
138 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]139 backend:
140 pdns4:
141 api_token: ${_param:designate_pdns_api_key}
142 api_endpoint: ${_param:designate_pdns_api_endpoint}
143 mdns:
144 address: ${_param:designate_mdns_address}
145 port: ${_param:designate_mdns_port}
146 pools:
147 default:
148 description: 'test pool'
149 targets:
150 default:
151 description: 'test target1'
152 default1:
153 type: ${_param:designate_pool_target_type}
154 description: 'test target2'
155 masters: ${_param:designate_pool_target_masters}
156 options:
157 host: ${_param:openstack_dns_node02_address}
158 port: 53
159 api_endpoint: "http://${_param:openstack_dns_node02_address}:${_param:powerdns_webserver_port}"
160 api_token: ${_param:designate_pdns_api_key}
161 quota:
162 zones: ${_param:designate_quota_zones}
163 glance:
164 server:
165 storage:
166 engine: file
167 images: []
168 workers: 1
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]169 bind:
170 address: 127.0.0.1
171 identity:
172 protocol: https
173 registry:
174 protocol: https
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]175 database:
176 ssl:
177 enabled: ${_param:galera_ssl_enabled}
178 message_queue:
179 port: ${_param:rabbitmq_port}
180 ssl:
181 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]182 heat:
183 server:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]184 bind:
185 api:
186 address: 127.0.0.1
187 api_cfn:
188 address: 127.0.0.1
189 api_cloudwatch:
190 address: 127.0.0.1
191 identity:
192 protocol: https
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]193 database:
194 ssl:
195 enabled: ${_param:galera_ssl_enabled}
196 message_queue:
197 port: ${_param:rabbitmq_port}
198 ssl:
199 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko8a06faa2018-07-16 14:04:54 +0300[diff] [blame]200 # Since we using self signed cert not present in images, we have to
201 # use insecure option when sending signal to wait condition from instance.
202 clients:
203 heat:
204 insecure: true
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]205 neutron:
206 server:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]207 bind:
208 address: 127.0.0.1
209 identity:
210 protocol: https
Michael Polenchukddc7c4c2018-03-14 14:14:05 +0400[diff] [blame]211 l2gw:
212 enabled: true
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]213 database:
214 ssl:
215 enabled: ${_param:galera_ssl_enabled}
216 message_queue:
217 port: ${_param:rabbitmq_port}
218 ssl:
219 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]220 nova:
221 controller:
222 networking: dvr
223 cpu_allocation: 54
224 metadata:
225 password: ${_param:metadata_password}
Oleksii Butenko0c6a75b2018-04-03 20:33:37 +0300[diff] [blame]226 bind:
227 address: ${_param:cluster_local_address}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]228 bind:
229 public_address: ${_param:cluster_vip_address}
230 novncproxy_port: 6080
231 private_address: 127.0.0.1
232 identity:
233 protocol: https
234 network:
235 protocol: https
236 glance:
237 protocol: https
238 vncproxy_url: http://${_param:cluster_vip_address}:6080
239 workers: 1
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]240 database:
241 ssl:
242 enabled: ${_param:galera_ssl_enabled}
243 message_queue:
244 port: ${_param:rabbitmq_port}
245 ssl:
246 enabled: ${_param:rabbitmq_ssl_enabled}
Mykyta Karpin6b2ed052018-04-20 13:42:57 +0300[diff] [blame]247 notification:
248 notify_on:
249 state_change: vm_and_task_state
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]250 cinder:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]251 controller:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]252 identity:
253 protocol: https
254 osapi:
255 host: 127.0.0.1
256 glance:
257 protocol: https
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]258 database:
259 ssl:
260 enabled: ${_param:galera_ssl_enabled}
261 message_queue:
262 port: ${_param:rabbitmq_port}
263 ssl:
264 enabled: ${_param:rabbitmq_ssl_enabled}
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]265 manila:
266 common:
267 identity:
268 protocol: https
Vasyl Saienko827d29d2018-03-29 13:13:27 +0300[diff] [blame]269 default_share_type: default
Vasyl Saienkoe43865c2018-03-30 22:00:39 +0300[diff] [blame]270 database:
271 ssl:
272 enabled: ${_param:galera_ssl_enabled}
273 message_queue:
274 port: ${_param:rabbitmq_port}
275 ssl:
276 enabled: ${_param:rabbitmq_ssl_enabled}
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]277 salt:
278 minion:
279 cert:
280 internal_proxy:
281 host: ${_param:salt_minion_ca_host}
282 authority: ${_param:salt_minion_ca_authority}
283 common_name: internal_proxy
284 signing_policy: cert_open
285 alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_public_host},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_local_address},DNS:${_param:cluster_public_host}
286 key_file: "/etc/ssl/private/internal_proxy.key"
287 cert_file: "/etc/ssl/certs/internal_proxy.crt"
288 all_file: "/etc/ssl/certs/internal_proxy-with-chain.crt"
289 haproxy:
290 proxy:
291 listen:
292 # barbican-api:
293 # type: ~
294 # barbican-admin-api:
295 # type: ~
296 designate_api:
297 type: ~
298 keystone_public_api:
299 type: ~
300 keystone_admin_api:
301 type: ~
Mykyta Karpin96cc7982018-03-19 12:41:51 +0200[diff] [blame]302 manila_api:
303 type: ~
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]304 nova_api:
305 type: ~
306 nova_metadata_api:
307 type: ~
308 cinder_api:
309 type: ~
310 glance_api:
311 type: ~
312 glance_registry_api:
313 type: ~
314 heat_cloudwatch_api:
315 type: ~
316 heat_api:
317 type: ~
318 heat_cfn_api:
319 type: ~
320 neutron_api:
321 type: ~
Vasyl Saienkoeadc0552018-03-15 11:00:15 +0200[diff] [blame]322 placement_api:
Vasyl Saienko91160482018-02-20 17:31:33 +0200[diff] [blame]323 type: ~